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We claim: { 

1. A communications network security method comprising: 
identifying a plurality of routes that define the communications network; 
identifying a >lurality of hosts as a function of the plurality of routes; 
performing a census of the communications network as a function of the plurality 
of hosts to determine a topology of the communications network; 

probing at least one host of the plurality hosts by transmitting a packet to the host, 
the host being selectedlfrom the census results and the packet having at least a source 
address determined as a function of the topology; and 

determining a security characteristic of the probed host as a function of a response 
by the probed host in receiving the packet. 



2. The method of claim 1 wherein the source address is an IP address associated 
with a host external to th|e communications network and the packet is constructed as a 
function of the source adldress and an IP address associated with the at least one host. 



3. The method o 
of the packet includes 
using at least a portion o 



claim 2 wherein the response of the probed host to the receipt 
transmitting a second packet, the second packet being derived 
information from the received packet. 



claim 2 wherein the performing the census operation further 



4. The method o: 
comprises: 

pinging a plurality of IP addresses to verify their respective validity , the plurality 
of IP addresses being identified from the plurality of routes; 

pinging particular hosts of the plurality of hosts to verify their respective location 
in the topology of the communications network; 



performing at least 
performing at least 



a first DNS lookup for at least one of the particular hosts; and 
a second DNS lookup across a communications channel, the 



communications channel serving to connect the communications network with a network 
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10 external to the communications network, the second DNS lookup identifying a specific 

1 1 host of the plurality of hosts. 
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1 5. The melifiod of claim 3 wherein the probing the at least one host operation 

2 further comprises: 

3 identifying tHe IP address associated with the probed host from the census; and 

4 generating the\packet as a function of the IP address associated with the probed 

5 host and the IP address associated with a host external to the communications network. 

1 6. The method ^f claim 2 wherein the determining the security characteristic 

2 operation further compi ises: 

3 monitoring the 

4 a transmission of a second 

5 message identifying the 



robed host to determine the response, and if the response includes 

packet from the probed host, generating a security alert 
probed host as a security risk. 



1 7. The method of claim 3 wherein the second packet is derived using at least a 

2 portion of information from the transmitted packet. 

1 8. The method of elaim 7 wherein the transmitted packet is a TCP packet. 

1 9. The method of qlaim 8 wherein the second packet is a UDP packet or an ICMP 

2 packet. 



1 10. A method for analyzing network security of a communications network, the 

2 method comprising: 

3 identifying a plurality of routes that define the communications network; 

4 identifying a plurality of hosts internal to the communications network as a 

5 function of the plurality of routes; 

6 performing a census pf the communications network as a function of the plurality 

7 of hosts to determine a topology of the communications network; 
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transmitting a packet from a host external to the communications network to a 
particular one host of the plurality of hosts internal to the communications network, the 
internal host being selected from the census, and the packet being generated as a function 
of an IP address associated with the host external to the communications network and an 
IP address associated with the particular one host of the plurality of hosts internal to the 
communications inetwork; and 

determining a security characteristic of the particular one internal host as a 
function of a response by the internal host to the receipt of the packet. 
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1 11. The method of claim 10 wherein the determining the security characteristic 

2 operation further comprises: 

3 monitoring the probed host to determine the response, and if the response includes 

4 a transmission of a second packet from the probed host, generating a security alert 

5 message identifying the probed host as a security risk. 

1 12. The method of claim 1 1 wherein the second packet is derived using at least a 

2 portion of information from the transmitted packet. 
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1 13. The mefhod of claim 12 wherein the performing the census operation further 

2 comprises: 

3 pinging a plurality of IP addresses to verify their respective validity , the plurality 

4 of IP addresses being identified from the plurality of routes; 

5 pinging particular hosts of the plurality of hosts to verify their respective location 

6 in the topology of the communications network; 

7 performing at least a first DNS lookup for at least one of the particular hosts; and 

8 performing a ; least a second DNS lookup across a communications channel, the 

9 communications chainel serving to connect the communications network with a network 

10 external to the comrr unications network, the second DNS lookup identifying a specific 

1 1 host of the plurality of hosts. 
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14. The method of claim 12 wherein the probed host is a dual-homed host. 

15. The metra)d of claim 1 1 wherein the security characteristic includes an 
indication that the probed host is outside any security measures provide by a firewall 
associated with the communications network. 

16. A communications system comprising: 

a first plurality oflcomputers associated with a first communications network; 
a second plurality \of computers associated with a second communications 
network; and 

a security host computer which determines a security characteristic of a first 
computer from the plurality of computers, performs a census of the communications 
network as a function of the first plurality of computers, and probes the first computer by 
transmitting a packet to thelfirst computer, the first computer being selected from the 
census results and the packet being generated as a function of an IP address associated 
with a second computer of tHe second plurality of computers and an IP address associated 
with the first computer, and determining a security level associated with the first 
computer as a function of a response of the first computer to receiving the packet. 

17. The communications system of claim 16 wherein the security host computer 
is associated with the first communications network. 

18. The communications! system of claim 17 wherein the response of the first 
computer the receipt of the packdt includes transmitting a second packet, the second 
packet being derived using at least a portion of information from the received packet. 



19. The communications sy 
determines the security characteristic 
determine the response, and if the 



tern of claim 18 wherein the security host computer 
by monitoring the probed first computer to 
rdsponse includes a transmission of the second packet 
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4 from the probed tyost, generating a security alert message identifying the first computer as 

5 a security risk. 



1 20. The 

2 network is an intr; 



communications system of claim 17 wherein the first communications 
et and the second communications network is an Internet. 
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1 21. A security host computer comprising: 

2 . means for perrorming a census of a communications network and determining a 

3 topology of a first communications network, the topology being defined by at least one 

4 computer, 

5 means for probihg the at least one computer by transmitting a packet to the 

6 computer, the computer] being selected from the census results and the packet being 

7 generated as a function of the topology, an IP address associated with a particular host 

8 computer associated with a second communications network and an IP address associated 

9 with the computer, the second communications network being separate from the first 

10 communications network; and 

1 1 a monitor for determining a security level of the computer as a function of a 

12 response by the computer! to the receipt of the packet. 

1 22. The security host computer of claim 21 wherein the monitor monitors the 

2 computer to determine thelresponse, and if the response includes a transmission of a 

3 second packet from the coipputer, a security alert message identifying the computer as a 

4 security risk is generated. 



1 23. The security host computer of claim 22 wherein the security level is 

2 determined with respect to aVirewall located between the first communications network 

3 and the second communications network. 



1 24. A machine-readah 

2 the plurality of instructions i 



medium having stored thereon a plurality of instructions, 
including instructions that, when executed by a machine, 
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3 cause the machme to perform of a method for identifying a plurality of routes that define 

4 the communications network; identifying a plurality of hosts as a function of the plurality 

5 of routes; performing a census of the communications network as a function of the 

6 plurality of hosts to determine a topology of the communications network; probing at 

7 least one host of the\plurality hosts by transmitting a packet to the host, the host being 

8 selected from the census results and the packet being derived as a function of the 

9 topology of the communications network; and determining a security characteristic of the 
10 probed host as a function of a response by the probed host in receiving the packet. 



in 



1 25. The machine-ieadable medium of claim 24 further comprising instructions 

2 that, when executed by a machine, cause the machine to perform the probing the at least 

3 one host operation by identifying the IP address associated with the probed host from the 

4 census; and generating the packet as a function of the IP address associated with the 

5 probed host and the IP address associated with a host external to the communications 

6 network. 



1 26. The machine-readable medium of claim 25 wherein the response of the probed 

2 host to the receipt of the packet includes transmitting a second packet, the second packet 

3 being derived using at least a portion of information from the received packet. 

1 27. The machine-readable medium of claim 26 wherein the communications 

2 network is an intranet, and the external host is associated with an Internet. 
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